tree: 70c4cdd18edf2229602d14c22856ad9a59d9ec7f [path history] [tgz]
  1. .settings/
  2. jni/
  3. src/
  4. .classpath
  5. .cproject
  6. .gitignore
  7. .project
  8. Flatpak-Shim-Tests.launch
  9. Launch-Eclipse-with-Shim.launch
  10. LICENSE-EPL-2.0
  12. pom.xml

Flatpak Development Shim

A shim that allows Java programs to breakout of a Flatpak sandbox and spawn processes on the sandbox host. It is built as a Jigsaw-style module patch to override Java's java.lang.ProcessBuilder functionality and spawns processes on the sandbox host by communicating with the “Development” interface of the org.freedesktop.Flatpak DBus API.


In order to enable the shim, Java 15 is required and programs must be started with the following parameters:

--patch-module java.base=/path/to/flatpak-dev-shim.jar

And the Flatpak sandbox in which the Java program is running must be granted the following permissions:

--filesystem=host --allow=devel --talk-name=org.freedesktop.Flatpak

Use java.lang.ProcessBuilder in the usual way.


This project is built using maven and requires Java 15. To build the native parts successfully, JAVA_HOME must be set in the environment, for example:

JAVA_HOME=/usr/lib/jvm/java-15 mvn clean verify

To use system-specific compiler and linker flags when building the native parts, you can also set CFLAGS and LDFLAGS in the environment.


  • Because the spawned process runs outside the sandbox, it is not visible to Java (it is outside of the sandbox‘s cgroup). This means we can’t enumerate the process's children and traverse the process hierarchy, etc.


Some problems encountered during development: